PHP: Delete or Expire a Browser Cookie

Cookies may be created with an expiration time. It may become necessary to expire a cookie before the expiration time such as when a user logs out of a cookie-based authentication web application. This tech-recipe describes expiring a cookie.


Expiring a cookie uses the same command as creating a cookie. The cookie value is left blank, and the expiration time needs to be in the past. To expire the cookie ‘user,’ use the following:

setcookie('user','',1);

The second parameter is the cookie value and is set to blank with the double quotes. The third parameter is the expiration time. A value of zero here indicates that the cookie is to remain valid until the browser is closed. A positive value indicates the time at which the cookie is to expire. Many sources indicate using something as follows:

setcookie('user','',time()-3600)

This sets the expiration time 3600 seconds (one hour) in the past. The trick is that this references the time on the server while the cookie expiration is dependent on the time of the host running the browser. If there is a mismatch of time between the two hosts, it is possible that a cookie may not expire. However, using a time of ‘1’ indicates an expiration time of one second after midnight, January 1st, 1970, which is the earliest possible expiration time.

 

About Quinn McHenry

Quinn was one of the original co-founders of Tech-Recipes. He is currently crafting iOS applications as a senior developer at Small Planet Digital in Brooklyn, New York.
View more articles by Quinn McHenry

The Conversation

Follow the reactions below and share your own thoughts.

  • Rom├ín

    Nice trick!

  • Anonymous

    Good Idea. This is a smart way to delete cookies.
    Thanks

  • Artem Egorov

    Good article for php beginer )

  • LaNN

    You notice that the time different between server and client will make the cookie deletion unsuccessful. Don’t assume time between server and client cannot be different more than 1 hour. If I browse your site in different time zone, the cookie possibly not to be deleted. Thus we need to set the time more than 24hours in the past.
    Easier to write setcookie(‘user’,”,1)
    But recommended to write setcookie(‘user’,”,time()-60*60*24*2) // 2days past.

    • Kirill

       Recommended by who? Here is a simple explanation why 1 is better than any of these mathematical calculations inside of setcookie command.

  • Thanks for the tip!

  • Arpit

    i have been using this trick and it is good but its not working for my site.
    can it be a problem with my host?

  • To delete a cookie by resetting it has severe and drastic limits.
    I have found that when using PHP, after the header has had any output, you cannot ‘reset’ a cookie that way to make it expire.

    In my opinion, a better way, (from a PHP programers’ view), is to use:
    unset($_COOKIE[‘the_cookie_name’]);

    From my experience, doing it this way, you can delete a cookie anywhere within the PHP code without a problem and not restricted to when or where you delete it..

    • Anonymous

      no don’t use unset() use setcookie()
      the main unsuccessfull delete or expire cookie is because you made a cookie in dive folder inside host and you can’t delete in diferent folder outside you made and cookie path is set value already.

      for better security and successfully use :
      setcookie(“cookiename”,””,mktime(12,0,0,1, 1, 1990), “/”);

    • sandip kalbhile

      nice this is smart programming

  • developer in php

    now i can easily delete cookies..
    Thank you…!

  • middlewhere

    Only the following worked for me:

    unset($_COOKIE[‘the_cookie_name’]);

    Thanks Webmaster Trainman2k

  • Somehow it seems you always need to know the ‘name of a cookie’…But if you don’t know this?

    I am busy with protecting pages from a WordPress website. Protecting works fine…but now I want provide a ‘log out’ button somewhere…but whatever I do…people stay logged in.

    I want them to click on the ‘log out’ button and then end up on the startpage of the website…on which are 2 options: enter website – member login

    All Javascript and PHP trickery I have tried always need the name of the Cookie.

    And when I get the name of the Cookie (with the webdevelopers toolbar in Firefox) and put this in the right position…it never works,

    Help is needed…sigh…

  • Jarrod Christman

    Don’t use unset($_COOKIE[‘variablename’]). That will only unset the variable from the $_COOKIE superglobal array, it will not expire (delete) the cookie itself.

  • Hi Experts,

    just i want to know about how to create cookies using CORE PHP

    Advance Thanks

    Regards
    Mr . Dhenu

  • Vkijust4u

    Thanks dude…u owe me…..

  • Rocket Ride SEO

    Smart! I never thought about just setting the expire time to 1.

  • Doug

    Awesome post! Thanks so much! Don’t know why this isn’t in all the tutorials.